[HackerNews] Popular NPM Package Hijacked to Publish Crypto-mining Malware

The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining malware embedded in “UAParser.js,” a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to remove three rogue packages that were found to mimic the same library.
<!–adsense–>
The supply-chain attack targeting the open-source library saw three

Source: Read More (The Hacker News)

You might be interested in …

[HackerNews] Ransomware Hackers Who Attacked Over 100 Companies Arrested in Ukraine

All posts, HackerNews

Law enforcement agencies have announced the arrest of two “prolific ransomware operators” in Ukraine who allegedly conducted a string of targeted attacks against large industrial entities in Europe and North America since at least April 2020, marking the latest step in combating ransomware incidents. The joint exercise was undertaken on September 28 by officials from […]

Read More

[SecurityWeek] VMWare Calls Attention to High-Severity vCenter Server Flaw

All posts, Security Week

Cloud computing and virtualization technology giant VMWare on Tuesday shipped an urgent security patch for a flaw in its vCenter Server product and warned users to expect public exploit code within minutes of disclosure. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[HackerNews] Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online

All posts, HackerNews

A security vulnerability in Cisco Adaptive Security Appliance (ASA) that was addressed by the company last October and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept (PoC) exploit code. The PoC was published by researchers from cybersecurity firm Positive Technologies on June 24, following which reports emerged that attackers […]

Read More